Reading Time: 3 minutes

By Chris Gordon, ITSM Managing Consultant, Logicalis US

This is another installment in a series of blogs that gives IT leaders a better understanding into the realm of possibilities enabled by an effective IT Service Management (ITSM) strategy. Each of these blogs offers ITSM best practices that can help you innovate and improve your IT processes and strategies so they align to the needs of the business.

We all hear the sayings about worst-case scenarios, with “It’s not if, but when a disaster strikes” being one of the more common phrases. Regardless of how skeptical your leadership feels towards unfortunate circumstances, major outages do happen. It’s thus important to consider the key questions:

  • If a critical application goes down and disrupts the business, at what point in that outage does the incident go from a Band-Aid fix to a full restore or recovery?
  • Is there an effective way to classify your most critical operational functions and business applications to definitively know if you have hit the point-of-no-return so that a disaster needs to be declared?
  • And in a worst case, where an entire facility or data center is inoperable—affecting multiple critical applications—how quickly can operations determine the highest-priority systems to recover first?

Often times, it is difficult for a CIO to approach the topic of Disaster Recovery because there is a lot involved, and it can take a really long time to assemble all the components. Yet, if the CIO is accountable for ensuring that all the critical systems and applications needed to run the business are available, then it’s inevitable that IT must develop an effective Disaster Recovery/Business Continuity (DR/BC) program.

Consider taking an assertive first-step-forward by outlining your DR/BC game plan to gain momentum and to build a sense of purpose in leading the effort. By following the steps below, you can initiate an approach to kick-start your Disaster Recovery program in 30 days or less. Your goal at the end should include outlining the vision, purpose and approach for DR/BC that helps you secure sponsorship buy-in.

Week One: Establish a Purpose and Set the Vision

o   Document a program charter with vision, goals, objectives and ownership

o   Identify the risks of not moving forward vs. the benefits and the value to the business

o   Document key responsibilities, standards and requirements for compliance

Week Two: Outline the Types of Testing and Levels of Documentation

o   Outline a Risk Analysis (RA) method or approach

o   Start designing a Business Impact Analysis (BIA) questionnaire

o   Document recommended Recovery Time Objectives (RTO)

o   Outline templates for DR/BC documentation

o   Document the ideal levels of testing and training and the frequency of revisions

Week Three: Identify the Approach for Managing and Maintaining the Program

o   Establish a method for assessing and classifying in-scope systems and applications

o   Outline a policy for DR/BC based on industry standards and compliance requirements

o   Identify a central location where information and documentation can be stored, edited and maintained

o   Outline a strategy for meeting recovery objectives with viable technology solutions (cloud disaster recovery, hot/cold sites)

o   Document recommendations for how to budget and charge the costs for DR services

Week Four: Provide Awareness and Secure Buy-In from Leadership

o   Document a high-level overview of the DR/BC vision, goals and objectives

o   Present the strategy to executive sponsors and stakeholders

o   Gain buy-in and direction to proceed with the program

Transforming IT into a Service-Defined Enterprise

By following these steps, a strategic plan of action and approach for initializing a brand-new ITSM practice area for Disaster Recovery and Business Continuity in your organization can be outlined and presented to leadership for consideration in 30 days or less. Creating a new sense of urgency for launching a DR/BC program can also trigger a push for best practices across the entire spectrum of risk management—including security, compliance, governance and service continuity.

And with the right motivation, anyone who is passionate about ITSM or risk management can step forward to provide the necessary thought leadership—for transforming IT into a service-defined enterprise.

For more information on ITSM strategies and best practices, contact Chris Gordon at

To view of all of Chris Gordon’s ITSM blogs published to date, visit